Friday, 19 September 2014

The Data Protection Commissioner has not said whether a breach took place.

The Journal, 10th September 2014

IRISH WATER HAS apologized for sending more than 6,000 letters with incorrect names to customers, but says it does not believe the mistake represents a data breach.

The semi-state company had been investigating the possibility of a data breach after it emerged that letters sent to 6,329 multiple home-owners this month were wrongly addressed.

Ironically, the letters had asked customers to confirm their personal details, to allow Irish Water to update their customer database before water charges come into force next month.

Responding to an enquiry from TheJournal.ie, a spokesperson from the office of the Data Protection Commissioner did not address whether or not a data breach had taken place.

In their statement this evening, Irish Water confirmed the mistake had come to their attention last Tuesday, and that they had reported it to the Data Protection Commissioner.

In line with this process, Irish Water has sent letters to owners of multiple properties asking them to confirm the details of properties they own. Irish Water is aware that incorrect names have appeared on correspondence issued to 6,329 of these individuals. This became apparent on 4th September.

Irish Water acted immediately to resolve this issue and all of the property owners affected have been advised accordingly.

On becoming aware of the issue, Irish Water also immediately informed the Office of the Data Protection Commissioner (DPC) and our understanding is that the issuing of the letters does not constitute a breach and that the Office of the DPC are satisfied with how Irish Water have dealt with the issue.

Our customer contact centre (1890 448 448) is available to respond to any customer queries or concerns.

Irish Water has apologised for any confusion and concern that this might have caused affected customers.

Despite an enquiry by TheJournal.ie, the Office of the DPC did not clarify this evening whether or not a data breach had occurred.

A spokesperson did, however, say the DPC had “concluded its investigation.”

Irish Water notified this office on 4th September of a potential data security breach…

Irish Water notified the affected individuals of the matter and sought return of the incorrectly addressed letters.

Irish Water have informed this office of the steps being taken to prevent a repeat of this type of incident.

On this basis, this office concluded its investigation into the matter.